	package springBoot_dzfpxt.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import springBoot_dzfpxt.service.CustomUserService;

//configuration注解的意思是表明这个类是个配置类
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

		@Autowired
		private CustomUserService customUserService;

		@Override
		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
			auth
				.userDetailsService(customUserService)  	//设置用什么去查找用户
				.passwordEncoder(new BCryptPasswordEncoder()); //设置用什么去对密码加密，在spring boot 2.0这个是必须的
			auth.inMemoryAuthentication().withUser("aaa").password("{noop}1234").roles("DBA");
		}

		@Override
		protected void configure(HttpSecurity http) throws Exception {
			 	http.csrf().disable();
				http.formLogin()
						.loginPage("/login").permitAll()
						
						//设置默认登录成功跳转页面
		                .defaultSuccessUrl("/Beforemain")
		                .failureUrl("/login?error");
				
		        http.authorizeRequests().antMatchers("/static/**").permitAll();
		        http.authorizeRequests().antMatchers("/webjars/**").permitAll();
		        http.logout().logoutUrl("/logout").permitAll();
		        http.authorizeRequests().anyRequest().authenticated();
		}
}
